CVE-2024-26263

Summary

EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login.

Affected Software

VendorProductVersion RangeStatus
EBM TechnologiesRISWEB1.*affected
EBM TechnologiesRISWEB2.*affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References